Example #1
File: nginx.py Project: za3k/devops
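def ensure_site(config_file,
                cert=None,
                csr=None,
                key=None,
                letsencrypt=False,
                domain=None,
                enabled=True):
    """Install an nginx site config and its TLS material, optionally enabling it.

    Args:
        config_file: Local path of the site config. Only its last path
            component is used for the name under /etc/nginx/sites-available.
        cert: Local certificate handed to crypto.put_cert, or None to skip.
        csr: Local CSR handed to crypto.put_csr, or None to skip.
        key: Local private key handed to crypto.put_key, or None to skip.
        letsencrypt: When true, pass the uploaded CSR and `domain` to
            letsencrypt.add_csr, reloading nginx before and after.
        domain: Domain name forwarded to letsencrypt.add_csr.
        enabled: When true, symlink the config into /etc/nginx/sites-enabled.

    Raises:
        AssertionError: If letsencrypt is requested while the site is not
            enabled, or without cert, csr and domain.
    """
    # Explicit raises instead of `assert`: assert statements are stripped under
    # `python -O`, and without these checks a missing csr would only surface
    # as an unbound `remote_csr` after the host had already been modified.
    if letsencrypt:
        if not enabled:
            raise AssertionError(
                "letsencrypt needs enabled=True: online verification won't "
                "work otherwise")
        if not cert:
            # As a hack, use an expired cert to bootstrap
            raise AssertionError("letsencrypt needs a cert to bootstrap with")
        if not csr:
            # We've opted to use CSR as the input to acme.sh
            raise AssertionError("letsencrypt needs a csr")
        if not domain:
            # we can't infer the well-known-path on disk without some extra help
            raise AssertionError("letsencrypt needs a domain")

    try:
        from shlex import quote  # Python 3
    except ImportError:
        from pipes import quote  # Python 2

    ensure_sites_available()
    placed_config = '/etc/nginx/sites-available/' + config_file.split("/")[-1]
    # NOTE(review): the literal '******' looks like a masked value in this
    # listing -- confirm the intended owner of the placed config.
    util.put_file(config_file, placed_config, user='******', mode='0644')
    if key is not None:
        # NOTE(review): destination and file mode of the private key are
        # decided inside crypto.put_key, which is not visible here -- confirm
        # the key ends up readable by its owner only.
        crypto.put_key(key)
    if csr is not None:
        remote_csr = crypto.put_csr(csr)
    if cert is not None:
        crypto.put_cert(cert)
    if enabled:
        # Quote the path so a file name containing spaces or shell
        # metacharacters is passed to ln as a single argument.
        # enabled=False only skips this step; nothing here removes a link that
        # already exists.
        sudo("ln -s -f {config} /etc/nginx/sites-enabled".format(
            config=quote(placed_config)))
    if letsencrypt:
        # Bound under a different name so the module does not replace the
        # `letsencrypt` flag argument.
        import letsencrypt as letsencrypt_module
        # Awkward... we need this to enable a site enough for the well-known
        # path to work
        reload()
        letsencrypt_module.add_csr(remote_csr, domain)
        reload()  # And allow the key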
Example #2
File: mx.py Project: za3k/devops
def _dovecot(database_password):
    """Provision Dovecot: packages, TLS material, config files and sieve dir.

    Args:
        database_password: Value substituted for the DOVECOT_DATABASE_PASSWORD
            placeholder in the uploaded /etc/dovecot/dovecot-sql.conf.
    """
    sql_conf = '/etc/dovecot/dovecot-sql.conf'
    dovecot_packages = [
        "dovecot-imapd",
        "dovecot-lmtpd",
        "dovecot-pgsql",
        "dovecot-sieve",
        "dovecot-managesieved",
    ]

    select_package("apt")
    # On debian will automatically be enabled
    package_ensure(dovecot_packages)

    # NOTE(review): where the key is written and with which mode is decided
    # inside crypto.put_key, not visible here -- confirm it is owner-only.
    crypto.put_cert('config/certs/imap.za3k.com.pem')
    crypto.put_key('config/keys/imap.za3k.com.key')

    put('config/dovecot/dovecot.conf', '/etc/dovecot/dovecot.conf', mode='644')
    # The SQL config is uploaded with mode 600 while it still holds only the
    # placeholder; the password is substituted afterwards.
    # NOTE(review): how _replace performs the substitution is not visible
    # here -- confirm it keeps the file mode and copes with special
    # characters in the password.
    put('config/dovecot/dovecot-sql.conf', sql_conf, mode='600')
    _replace(sql_conf, 'DOVECOT_DATABASE_PASSWORD', database_password)

    dir_ensure("/etc/dovecot/sieve.d")
    run("chown vmail:vmail /etc/dovecot/sieve.d")
Example #3
File: mx.py Project: za3k/devops
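def _postfix(database_password):
    """Install Postfix with PostgreSQL lookups and push its TLS and config files.

    Args:
        database_password: Value substituted for the POSTFIX_DATABASE_PASSWORD
            placeholder in the two pgsql-virtual-*.cf lookup files.
    """
    select_package("apt")
    package_ensure(["postfix", "postfix-pgsql"])  # On debian will automatically be enabled
    # NOTE(review): where the key is written and with which mode is decided
    # inside crypto.put_key, not visible here -- confirm it is owner-only.
    crypto.put_cert('config/certs/smtp.za3k.com.pem')
    crypto.put_key('config/keys/smtp.za3k.com.key')
    # 2048-bit group instead of 1024: 1024-bit DH parameters are within reach
    # of precomputation attacks (Logjam) and are below current minimums.
    # NOTE(review): if ensure_dhparams only generates the file when it is
    # missing, hosts provisioned earlier keep their old parameters until the
    # file is removed -- confirm against its implementation.
    crypto.ensure_dhparams('/etc/ssl/dhparams-postfix.pem', size=2048)
    put('config/postfix/main.cf', '/etc/postfix', mode='644')
    put('config/postfix/master.cf', '/etc/postfix', mode='644')
    put('config/postfix/mailname', '/etc', mode='644')
    # The lookup files are uploaded with mode 600 while they still hold only
    # the placeholder; the password is substituted afterwards.
    put('config/postfix/pgsql-virtual-aliases.cf', '/etc/postfix', mode='600')
    put('config/postfix/pgsql-virtual-mailbox.cf', '/etc/postfix', mode='600')
    # NOTE(review): how _replace performs the substitution is not visible
    # here -- confirm it keeps the file mode and copes with special
    # characters in the password.
    _replace('/etc/postfix/pgsql-virtual-aliases.cf', 'POSTFIX_DATABASE_PASSWORD', database_password)
    _replace('/etc/postfix/pgsql-virtual-mailbox.cf', 'POSTFIX_DATABASE_PASSWORD', database_password)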
Example #4
File: mx.py Project: za3k/devops
def _dovecot(database_password):
    """Set up Dovecot on the target host.

    Installs the Dovecot packages, uploads the IMAP certificate and key,
    pushes the two config files, fills the database password into the SQL
    config and creates the sieve directory owned by vmail.

    Args:
        database_password: Replacement for the DOVECOT_DATABASE_PASSWORD
            placeholder in /etc/dovecot/dovecot-sql.conf.
    """
    select_package("apt")
    wanted = ["dovecot-imapd", "dovecot-lmtpd", "dovecot-pgsql"]
    wanted += ["dovecot-sieve", "dovecot-managesieved"]
    package_ensure(wanted)  # On debian will automatically be enabled

    # NOTE(review): destination and mode of the private key are chosen inside
    # crypto.put_key, not visible here -- confirm it is owner-only.
    crypto.put_cert('config/certs/imap.za3k.com.pem')
    crypto.put_key('config/keys/imap.za3k.com.key')

    # (local file, remote path, mode). The SQL config gets 600 because the
    # database password is written into it right after the upload.
    uploads = (
        ('config/dovecot/dovecot.conf', '/etc/dovecot/dovecot.conf', '644'),
        ('config/dovecot/dovecot-sql.conf', '/etc/dovecot/dovecot-sql.conf', '600'),
    )
    for local_file, remote_file, perms in uploads:
        put(local_file, remote_file, mode=perms)

    # NOTE(review): _replace is defined elsewhere; confirm it keeps the file
    # mode and copes with special characters in the password.
    _replace(
        '/etc/dovecot/dovecot-sql.conf',
        'DOVECOT_DATABASE_PASSWORD',
        database_password,
    )

    dir_ensure("/etc/dovecot/sieve.d")
    run("chown vmail:vmail /etc/dovecot/sieve.d")
Example #5
File: mx.py Project: za3k/devops
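def _postfix(database_password):
    """Install Postfix with PostgreSQL lookups and push its TLS and config files.

    Args:
        database_password: Value substituted for the POSTFIX_DATABASE_PASSWORD
            placeholder in the two pgsql-virtual-*.cf lookup files.
    """
    select_package("apt")
    package_ensure(
        ["postfix",
         "postfix-pgsql"])  # On debian will automatically be enabled
    # NOTE(review): where the key is written and with which mode is decided
    # inside crypto.put_key, not visible here -- confirm it is owner-only.
    crypto.put_cert('config/certs/smtp.za3k.com.pem')
    crypto.put_key('config/keys/smtp.za3k.com.key')
    # 2048-bit group instead of 1024: 1024-bit DH parameters are within reach
    # of precomputation attacks (Logjam) and are below current minimums.
    # NOTE(review): if ensure_dhparams only generates the file when it is
    # missing, hosts provisioned earlier keep their old parameters until the
    # file is removed -- confirm against its implementation.
    crypto.ensure_dhparams('/etc/ssl/dhparams-postfix.pem', size=2048)
    put('config/postfix/main.cf', '/etc/postfix', mode='644')
    put('config/postfix/master.cf', '/etc/postfix', mode='644')
    put('config/postfix/mailname', '/etc', mode='644')
    # The lookup files are uploaded with mode 600 while they still hold only
    # the placeholder; the password is substituted afterwards.
    put('config/postfix/pgsql-virtual-aliases.cf', '/etc/postfix', mode='600')
    put('config/postfix/pgsql-virtual-mailbox.cf', '/etc/postfix', mode='600')
    # NOTE(review): how _replace performs the substitution is not visible
    # here -- confirm it keeps the file mode and copes with special
    # characters in the password.
    _replace('/etc/postfix/pgsql-virtual-aliases.cf',
             'POSTFIX_DATABASE_PASSWORD', database_password)
    _replace('/etc/postfix/pgsql-virtual-mailbox.cf',
             'POSTFIX_DATABASE_PASSWORD', database_password)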
Example #6
File: nginx.py Project: za3k/devops
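def ensure_site(config_file, cert=None, csr=None, key=None, letsencrypt=False, domain=None, enabled=True):
    """Install an nginx site config and its TLS material, optionally enabling it.

    Args:
        config_file: Local path of the site config, uploaded into
            /etc/nginx/sites-available.
        cert: Local certificate handed to crypto.put_cert, or None to skip.
        csr: Local CSR handed to crypto.put_csr, or None to skip.
        key: Local private key handed to crypto.put_key, or None to skip.
        letsencrypt: When true, pass the uploaded CSR and `domain` to
            letsencrypt.add_csr, reloading nginx before and after.
        domain: Domain name forwarded to letsencrypt.add_csr.
        enabled: When true, symlink the config into /etc/nginx/sites-enabled.

    Raises:
        AssertionError: If letsencrypt is requested while the site is not
            enabled, or without cert, csr and domain.
    """
    # Explicit raises instead of `assert`: assert statements are stripped under
    # `python -O`, and without these checks a missing csr would only surface
    # as an unbound `remote_csr` after the host had already been modified.
    if letsencrypt:
        if not enabled:
            raise AssertionError("letsencrypt needs enabled=True: online verification won't work otherwise")
        if not cert:
            # As a hack, use an expired cert to bootstrap
            raise AssertionError("letsencrypt needs a cert to bootstrap with")
        if not csr:
            # We've opted to use CSR as the input to acme.sh
            raise AssertionError("letsencrypt needs a csr")
        if not domain:
            # we can't infer the well-known-path on disk without some extra help
            raise AssertionError("letsencrypt needs a domain")

    try:
        from shlex import quote  # Python 3
    except ImportError:
        from pipes import quote  # Python 2

    ensure_sites_available()
    # put() is expected to return the list of remote paths it wrote; the first
    # entry is the placed config. NOTE(review): no mode is passed here, so the
    # resulting file permissions depend on put's defaults -- confirm.
    placed_config = put(config_file, '/etc/nginx/sites-available')[0]
    if key is not None:
        # NOTE(review): destination and file mode of the private key are
        # decided inside crypto.put_key, which is not visible here -- confirm
        # the key ends up readable by its owner only.
        crypto.put_key(key)
    if csr is not None:
        remote_csr = crypto.put_csr(csr)
    if cert is not None:
        crypto.put_cert(cert)
    if enabled:
        # Quote the path so a file name containing spaces or shell
        # metacharacters is passed to ln as a single argument.
        # enabled=False only skips this step; nothing here removes a link that
        # already exists.
        sudo("ln -s -f {config} /etc/nginx/sites-enabled".format(config=quote(placed_config)))
    if letsencrypt:
        # Bound under a different name so the module does not replace the
        # `letsencrypt` flag argument.
        import letsencrypt as letsencrypt_module
        reload() # Awkward... we need this to enable a site enough for the well-known path to work
        letsencrypt_module.add_csr(remote_csr, domain)
        reload() # And allow the key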